After installing Netapp Filer and Scan Engine host in a windows 2008 domain it is not possible to get the vscan server registered on the Filer.
search cancel

After installing Netapp Filer and Scan Engine host in a windows 2008 domain it is not possible to get the vscan server registered on the Filer.

book

Article ID: 152156

calendar_today

Updated On:

Products

Scan Engine AntiVirus for Caching Protection Engine for NAS

Issue/Introduction



Symptoms
Here is what may be observed on the Netapp Filer side:

[FILER01: vscan.server.connecting.successful:info]: CIFS: Vscan server \\SSE01 registered with the filer successfully
[FILER01: cifs.server.infoMsg:info]: CIFS: Warning for server \\SSE01: Connection terminated
[FILER01: vscan.server.connectError:error]: CIFS: An attempt to connect to vscan server \\SSE01 failed [0xc000015b]
[FILER01: vscan.dropped.connection:warning]: CIFS: Virus scan server \\SSE01 (XX.XX.XX.XX) has disconnected from filer


On the ScanEngine the following error may be seen in the Security Log:
"EventID: 4625. An account failed to log on. Security ID: NULL SID. Failure Reason: The user has not been granted the requested logon type at this machine. Status: 0xc000015b"

 

Cause

New Operating Systems from Microsoft (VISTA/Windows 2008/Windows 7) are much more restrictive about giving anonymous access to Named Pipes over the network. Netapp Filer needs to connect anonymously to Named Pipe called NTAPVSRQ on the Scan Engine host. On Windows 2008 by default only "browser" is on the list. The situation might be additionally compounded if the network administrator deploys a more secure Group Policy and also if the Scan Engine server is in a different domain than the Netapp Filer.

Resolution

Try the following:
1. NTAPVSRQ needs to be added to the list of Named Pipes that can be accessed anonymously, either via:
a) Group Policy - it is strongly suggested to do it this way:
- click Start -> Administrative Tools -> Local Security Policy
- expand Local Policies and click on Security Options.
- find the option called "Network access: Named Pipes that can be accessed anonymously" and add NTAPVSRQ to the list there.

b) or via registry
- go to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\NullSessionPipes
- add NTAPVSRQ to the list

2. Restart the Server
3. If it didn't help - go the same place as in point 1/a, find "Network access: Let Everyone permissions apply to anonymous users". Set it to "Enabled"
4. Restart the Server
5. If all of the above fails, try to reinstall the Scan Engine product.




 


Powered by Wolken Software